diff options
author | Stephan Bergmann <sbergman@redhat.com> | 2018-08-22 09:49:25 +0200 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2018-08-23 20:39:39 +0200 |
commit | 4bc16aeb73c1201f187742e0fefe35521fae77ac (patch) | |
tree | c3324a63b842682ad53c1cb4fa7b2581c661e468 /configure.ac | |
parent | 229340812f6e6cc8c868915055583f60c82a8cf3 (diff) |
rhbz#1618703: Allow to use OpenSSL as backend for rtl/cipher.h
...with new configuration option --enable-cipher-openssl-backend
rtl/cipher.h (which is part of the stable URE interface) offers functionality to
en-/decrypt data with Blowfish in ECB, CBC, and streaming CFB mode, and with RC4
(aka ARCFOUR; which is a stream cipher). LO itself only uses Blowfish CFB and
RC4, so only those are wired to OpenSSL for now, for simplicity. Using Blowfish
ECB and CBC, or Blowfish CFB in DirectionBoth mode would cause failures for now
(cf. sal/qa/rtl/cipher/rtl_cipher.cxx); the assumption is that no external code
actually makes use of this functionality.
Using NSS instead of OpenSSL could be an alternative, but there appears to be no
support in NSS for Blowfish in streaming CFB mode, only CKM_BLOWFISH_CBC for
CBC mode.
Change-Id: I0bc042961539ed46844c96cb1c808209578528a0
Reviewed-on: https://gerrit.libreoffice.org/59428
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index fbb74238379b..88dd8bfb3e1a 100644 --- a/configure.ac +++ b/configure.ac @@ -1480,6 +1480,11 @@ AC_ARG_ENABLE(openssl, use only if you are hacking on it.]), ,enable_openssl=yes) +libo_FUZZ_ARG_ENABLE(cipher-openssl-backend, + AS_HELP_STRING([--enable-cipher-openssl-backend], + [Enable using OpenSSL as the actual implementation of the rtl/cipher.h functionality. + Requires --enable-openssl.])) + AC_ARG_ENABLE(library-bin-tar, AS_HELP_STRING([--enable-library-bin-tar], [Enable the building and reused of tarball of binary build for some 'external' libraries. @@ -9471,6 +9476,24 @@ fi AC_SUBST([DISABLE_OPENSSL]) +if test "$enable_cipher_openssl_backend" = yes && test "$DISABLE_OPENSSL" = TRUE; then + if test "$libo_fuzzed_enable_cipher_openssl_backend" = yes; then + AC_MSG_NOTICE([Resetting --enable-cipher-openssl-backend=no]) + enable_cipher_openssl_backend=no + else + AC_MSG_ERROR([--enable-cipher-openssl-backend needs OpenSSL, but --disable-openssl was given.]) + fi +fi +AC_MSG_CHECKING([whether to enable the OpenSSL backend for rtl/cipher.h]) +ENABLE_CIPHER_OPENSSL_BACKEND= +if test "$enable_cipher_openssl_backend" = yes; then + AC_MSG_RESULT([yes]) + ENABLE_CIPHER_OPENSSL_BACKEND=TRUE +else + AC_MSG_RESULT([no]) +fi +AC_SUBST([ENABLE_CIPHER_OPENSSL_BACKEND]) + dnl =================================================================== dnl Check for building gnutls dnl =================================================================== |